Privacy Policy

Personal data (usually referred to just as “data” below) will only be processed by us to the extent necessary, and for the purpose of providing a functional and user-friendly website, including its contents, subdomains, and the services offered. Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the “GDPR”), “processing” refers to any operation or set of operations such as collection, recording, organization, structuring, storage, use, disclosure by transmission, dissemination, or otherwise making available, or erasure performed on personal data, whether by automated means or not.
The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.

The privacy policy is structured as follows:

1. Ascertainment and saving of data as well as type and purpose of their usage
2. Controller of your data
3. Data transfer
4. Rights of the data subject
5. Cookies, Google Analytics, Social Media Plug-in and tools
6. Paypal as payment method
7. External profiles

1. Ascertainment and saving of data as well as type and purpose of their usage

a) Type of handled data
• Inventory data (e.g. names, addresses).
• Contact data (e.g. e-mail, phone numbers).
• Utilization data (e.g. accessed website content, time of access).
• Meta-/communication data (e.g. machine information).

b) While visiting my website
By visiting this website a log file will record data to ensure a secure and stable website. Your IP address will anonymized, meaning the collected data can not be associated with you.
For technical reasons, the following data sent by your internet browser to our server provider will be collected: the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on my site visited, the date and time of your visit,
The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of the website. The data will be deleted, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

c) Using our shop and creating an account.
For a convenient and smooth experience in our shop, we offer account creation. If you create an account, we will store your name, address and email, which will be used to populate the checkout for future orders and to send you information about your account and order. Data is generally stored for as long as we need it, for the purpose for which it’s collected and used, and we are not legally required to continue to keep it (for example tax and accounting purposes). Failed and cancelled orders will be retained for 1 month only.
Under no circumstances are we giving away your personal data to third parties for advertising or similar purposes, we don’t like spam either.
If you choose to use our external shopss; you can find their Privacy Policy here:
Etsy: https://www.etsy.com/legal/privacy/
InPrint: https://www.inprnt.com/info/privacy/
Redbubble: https://www.redbubble.com/privacy

d) Contacting us via e-mail or contact form
Next to using e-mail for questions of any kind, we offer a contact form on our website as means to get in touch with us. In order for us to be able to reply, stating a valid e-mail is necessary. Any further information can be given voluntarily based on Art. 6 Para. 1 lit. a) GDPR. The data given by using our contact form or e-mail will be deleted automatically after the inquiry is done and there is no further legal obligation to store your data, such as an order or contract resulted therefrom.


2. Controller of your data

The party responsible for this website (the “controller”) for purposes of data protection law is:
Pen Winter
Immenkoppel 6
22339 Hamburg

Freelance Illustrator
Small firm according to §19 UStG
Finance Office Hamburg Oberalster
Mail:  contact @ pen-winter.com


3. Data transfer

Data transfer to third parties is not happening unless for the following reasons:
• You give your clear consent for us to do so, according to Art. 6 Para. 1 lit. a) GDPR,
• the transfer is necessary according to Art. 6 Para. 1 lit. f) GDPR, and there is no reason to assume you have a predominant interest of your data not being transferred,  

• the controller is legally tied to transfer data according to Art. 6 Para. 1 lit. c) GDPR, and

• if transferring is legally permissible and required to process contractual relationships according to Art. 6 Para. 1 lit. b) GDPR.


4. Rights of affected persons

Persons affected by the processing of their personal data may have rights to obtain information about the personal data that affects them, or to have such data corrected or deleted (“right to be forgotten”), or to have the processing of that data restricted or its transferability modified.

a) Right of withdrawal
You have the right to withdraw your agreement at any given time. The withdrawal does not affect the legitimacy of the process prior of the withdrawal.

b) Right to object and right to appeal
Is the processing of your personal data required to perform a task of public interest (Art. 6 Para. 1 lit. e) GDPR), or required to keep our justified interests (Art. 6 Para. 1 lit. f) GDPR), you have the right to object. Furthermore y
ou have the right to appeal to a regulatory authority if you believe that the processing of the personal data affecting you violates the GDPR.


5. Cookies, Google Analytics, Social Media tools

The portfolio parts of our website pen-winter.com only uses first-party functionality cookies, which do not require consent.
Cookies are small text files that are used to store small pieces of information. The cookies are stored on your device when the website is loaded on your browser. These cookies help us make the website function properly, make the website more secure and provide better user experience.

As most of online services, our websites use first-party and third-party cookies for a number of purposes. The first-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.
The third-party cookies for our shopping cart system (WooCommerce) and checkout mechanism (PayPal) on madeby.pen-winter.com are partly sessional and required for the payment process to work and no longer have an effect once you have logged out of the site, or expire on their own. Some remain on your internet browser once you have left the site. You can reject the non functionally needed cookies on the shop with our cookie banner.
For information on how PayPal uses cookies, please see the Paypal’s Privacy Policy.
The cookie consent in our shop automatically expires after 6 months.
In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. To find out more out more on how to manage and delete cookies, visit wikipedia.org/wiki/HTTP_cookie or www.allaboutcookies.org.

This website does not use Google Adsense or Analytics.
The privacy-enhanced mode is used for all YouTube videos, which allows to embed YouTube videos without using cookies to track viewing behaviour. This means that viewing activity isn’t collected to personalise the viewing experience. Instead, video recommendations are contextual and relate to the currently played video. This is possible by YouTube serving videos via a different URL (youtube-nocookie.com), which is Google’s way to provide videos in a GDPR-compliant way, without sending data-collecting cookies.
 


6. Paypal as payment method

PayPal is an online payment service provider, whose components are integrated in our shop. PayPal accepts trustee functions and offers buyer protection services.
The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject chooses “PayPal” as the payment option in the online shop during the ordering process, data of the data subject is automatically transmit to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing. The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order. The transmission of the data is aimed at payment processing and fraud prevention. 

PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfil contractual obligations or for data to be processed in the order. The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing. Please see the PayPal Privacy Policy for more details.


7. External profiles and Facebook

On this website, I link to our social media profiles/pages like Facebook, Instagram, twitter Youtube, tumblr, redbubble, inprint, dasAuge and Etsy. The promotional purposes of these pages are within our legitimate interest in accordance to the GDPR. The responsibility to comply with the GDPR rests with the respective service provider. 

If you visit our external profiles, your browser automatically sets up a connection to the server of the corresponding website. If you are in the possession of a account or profile of these services, and logged in, the visit of our profile will be assigned to your account. For example, by using the “like” and “share” buttons on Facebook, that data is directly transmitted and saved on servers of Facebook. In addition, that information will be published on your Facebook profile and be visible to your Facebook friends. Likewise do twitter, tumblr and Instagram and most social media websites.

These external service providers can use the collected data for the purpose of advertisement, market research and personalised presentation of their websites. Facebook, as example, can share your activity on our page with other Facebook users and use it to offer services connected to Facebook, by creating usage, interest, and relationship profiles. If you do not wish this data to be collected and assigned to your accounts, you have to log out of these before visiting my page. Purpose, usage and extent of data processing by Instagram can be found here: help.instagram.com
Twitter: twitter.com/en/privacy
tumblr: tumblr.com/privacy

As defined by the GDPR, combined responsible parties of my facebook page (https://www.facebook.com/PenWinterArt) are:

Facebook Ireland Ltd. (in following „Facebook“)
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Irland

and the controller named in 1. of this privacy notice.

a) Information about my Facebook page
We run our page in order to gain attention for our services and products and to be able to communicate with you as a visitor of that site. As owner of that facebook page, we have no interest on gaining personal data or to handle personal data for analysing or marketing purposes.  We operate our Facebook page, including the handling of personal data of its users, within our justified interests in a contemporary and widely supported means of information and interaction opportunity with our visitors and users according to art. 6 paragraph 1 lit. f GDPR.

b) Handling of personal data by Facebook
The European Court (EuGH) ruled on the 5th of June 2018 Facebook and the creator of a facebook page to be combined controller for the handling of personal data. To our knowledge Facebook is using personal data of users for the following purposes: advertising (analysis, creating personalised advertising), creating user profiles, market research.
Facebook is using cookies in order to save and handle these data. If the user possesses a Facebook account and is logged in, these data is also collected across devices. The privacy notice of Facebook holds more information on this topic: facebook.com/about/privacy/

Your right to object (so called. Opt-Out) can be found here: facebook.com/settings?tab=ads and here youronlinechoices.com. Facebook Inc., the US American mother company of Facebook Ireland Ltd. is certified with the EU-U.S. Privacy-Shield and thus promises to act according to the European privacy policies. Further information of the state of the Privacy-Shield can be found here: privacyshield.gov. The transfer and further handling of personal data of Facebook users to third party countries, like the USA, and possible risks by this for the users can not be ruled out by me as owner of my facebook page. 

c) Statistic data
Our Facebook page gives us access to so called “insights” of different categories (‘Follower’, ‘Liked’, ‘People Reached’ and ‘Engagement’) and a choosable timespan. Those statistics are generated and offered by Facebook. As the page owner we have no impact on the creation and visualising of these. We can not turn off this function, nor stop this statistic data from being created and spread.
The insights displayed are: Page views, page likes, post engagements, reach, video views, comments, shares, actions on page, replies, clicks on shop, demographic data about people who liked my page based on age, gender, country and language provided by their user profile. Due to the permanent development of Facebook, the accessibility and processing of data is a subject of change, thus we refer to Facebooks privacy policy stated above. 

d) User rights
If you want information, or if you have questions about your rights as a user, we recommend contacting Facebook directly, as only Facebook has complete access to your user data.  If you need help to contact Facebook, or if you have general questions, feel free to email us. If you wish to end the data processing stated above, please use the function of recalling your “like” by “unliking the page” and/or “unfollow this page”. This stops the connection of your profile data to a page’s insights.

Do NOT follow this link or you will be banned from the site!